7ad33215fa95174bd24d6181cbd29fc07484aba3cac4f202ab21f9c9ad2ad219 | Triage

Sharing

General

Target

7ad33215fa95174bd24d6181cbd29fc07484aba3cac4f202ab21f9c9ad2ad219
Size

84KB
Sample

221011-1krv7affhn
MD5

6e957152702a9f36891524fa864b7ea0
SHA1

2bc96ebf5003c17b0137164fb85950dfdeeb1ca5
SHA256

7ad33215fa95174bd24d6181cbd29fc07484aba3cac4f202ab21f9c9ad2ad219
SHA512

fe64bfa48ed91b89e4921460d2f293b6e6b302fb115c553957163b3934e6870a898f979924ae40bab9a2fe9f33ed81e34f589b1d02fac8feae93e1dfbddb868d
SSDEEP

1536:TPJf83Q8W60IL26Ap8iJoq6hcGavn+7dfA:DJCx548iJR6LTd4

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7ad33215fa95174bd24d6181cbd29fc07484aba3cac4f202ab21f9c9ad2ad219
- Size
  
  84KB
- MD5
  
  6e957152702a9f36891524fa864b7ea0
- SHA1
  
  2bc96ebf5003c17b0137164fb85950dfdeeb1ca5
- SHA256
  
  7ad33215fa95174bd24d6181cbd29fc07484aba3cac4f202ab21f9c9ad2ad219
- SHA512
  
  fe64bfa48ed91b89e4921460d2f293b6e6b302fb115c553957163b3934e6870a898f979924ae40bab9a2fe9f33ed81e34f589b1d02fac8feae93e1dfbddb868d
- SSDEEP
  
  1536:TPJf83Q8W60IL26Ap8iJoq6hcGavn+7dfA:DJCx548iJR6LTd4
Score

10^/10

persistence evasion
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence